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Pending Claims: 

This listing of claims will replace all prior listings of claims in the application: 

Listing of Claims: 

1. (Cancelled) 

2. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, said 
message indicating that an address of a certificate provisioning gateway for certificate 
issuance and delivery procedure in a visited network is requested by the subscriber's user 
equipment, the certificate provisioning gateway serving at least one certificate authority, 
the message further containing the address of the certificate provisioning gateway; 

obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

determining, by the processor, on the basis of the subscriber's location 
information, an address of the certificate provisioning gateway; 

checking, by the processor, whether or not the address of the certificate 
provisioning gateway received in the message is the same as the address of the certificate 
provisioning gateway determined on the basis of the location information; 

when they are not the same, using, by the processor, the address determined on 
the basis of the location information; and 

authenticating the subscriber; and 

transmitting after the authentication via an authenticated channel to the subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information comprising information required to obtain a certificate from the 
certificate issuance service in the other network. 
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transmitting to the subscriber's user equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the address of th e certificate 
provisioning gat e way . 

3. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
indicating subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network is 
requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

using, by the a processor, the subscriber's location information to determine the address 
of the certificate provisioning gateway; and 

authenticating the subscriber; and 

transmitting after the authentication via an authenticated channel to the subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information comprising information required to obtain a certificate from the 
certificate issuance service in the other network. 

transmitting to th e subscriber's us e r equipment at least part of information required to 
obtain a certificate from the certificate provisioning gateway having the determined address. 

4-5. (Cancelled) 

6. (Cancelled) 

7. (Currently amended) The method of claim [[6]] 24, further comprising: 

performing the authentication as an application level authentication. 

8. (Currently amended) The method of claim [[6]] 24, further comprising: 

utilizing said part of the information during a certificate issuance procedure after 
the authentication in a visited network by the user equipment. 
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9. (Currently amended) The method of claim [[6]] 24, further comprising: 

transmitting in said part of the information location network specific information. 

10-12. (Cancelled) 

13. (Currently amended) The method of claim [[6]] 24, further comprising, when 
said part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 

14. (Cancelled) 

15. (Currently amended) The method of claim [[14]] 26, further comprising: 

transmitting the message and the reply message in an integrity protected channel. 

16. (Cancelled) 

17. (Currently amended) The method of claim [[14]] 26, further comprising, when 
said part of the information includes at least the address of the certificate provisioning 
gateway via which the certificate issuance service is provided, transmitting from the user 
equipment a certificate request to the certificate provisioning gateway. 

18-23. (Cancelled) 

24. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
containing subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 
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obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

checking, by the processor, whether or not the subscriber's location information 
received in the message corresponds to the subscriber's location information obtained; 

when the subscriber's location information obtained corresponds to the 
subscriber's location information received in the message, message: 

determining, by the processor, on the basis of the subscriber's location 
information the address of the certificate provisioning gateway, gateway and 

transmitting to th e subscriber's user equipment at l e ast part of information 
required to obtain a c e rtificate from the certificate provisioning gat e way having the determined 
addr e ss; and 

authenticating the subscriber, and 

transmitting during the subscriber authentication to the user equipment at least 
part of the information required to obtain a certificate from a certificate issuance service in 
another network than a home network in a mobile communication system after the subscriber 
authentication, the part of the information including at least one from a group comprising an 
address of a certificate provisioning gateway via which the certificate issuance service is 
provided in the other network, the certificate provisioning gateway serving at least one certificate 
authority, a public key required for the certificate issuance service in the other network, and an 
indication of the protocol required for the certificate issuance service in the other network; and 

when the subscriber's location information obtained does not correspond to the 
subscriber's location information received in the message, sending, by the processor, an 
error indication by using the subscriber's location information obtained. 

25. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
indicating subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network is 
requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

determining, by the a processor, on the basis of the subscriber's location information 
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the address of the certificate provisioning gateway; and 
authenticating the subscriber; and 

transmitting after the authentication via an authenticated channel to the subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network than a home network of the subscriber, said at least part of the 
information comprising information required to obtain a certificate from the 
certificate issuance service in the other network. 

transmitting to the subscriber's user equipment at least part of information required to 
obtain a certificat e from the certificat e provisioning gateway having the d e t e rmined address. 

26. (Currently amended) A method comprising: 

receiving, by a receiver, a message from subscriber's user equipment, the message 
containing subscriber's location information and indicating that an address of a certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network 
is requested by the subscriber's user equipment, the certificate provisioning gateway 
serving at least one certificate authority; 

obtaining, by a processor, in response to receiving the message, subscriber's 
location information maintained in a mobile communication system; 

checking, by the processor, whether or not the subscriber's location information 
received in the message corresponds to the subscriber's location information obtained; 

when the subscriber's location information received in the message corresponds 
to the subscriber's location information obtain e d obtained, 

determining, by the processor, on the basis of the subscriber's location 
information the address of the certificate provisioning gateway, gat e way and 

transmitting to the subscriber's user equipment at least part of information 
requir e d to obtain a c e rtificate from the c e rtificate provisioning gateway having the d e termined 
address; and 

authenticating the subscriber, and 

transmitting, in response to the message, to the user equipment in a reply message 
at least part of information required to obtain a certificate from the certificate issuance service in 
another network, the part of the information including at least one from a group comprising an 



Appln. No. 10/705,396 
Filed: November 12, 2003 



Attorney's Docket No.: 39700-583001US/NC37029US 
Customer Number: 64046 



address of a certificate provisioning gateway via which the certificate issuance service is 
provided in the other network, the certificate provisioning gateway serving at least one certificate 
authority, a public key required for the certificate issuance service in the other network, and an 
indication of the protocol required for the certificate issuance service in the other network; 

when the subscriber's location information received in the message does not 
correspond to the location information obtained, sending, by the processor, an error 
indication by using the subscriber's location information received in the message. 

27. (Cancelled) 

28-31. (Cancelled) 

32. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 

to determine, in response to receiving from subscriber's user equipment a message 
indicating a request for an address of another certificate provisioning gateway than a home 
network of the subscriber for certificate issuance and delivery procedure, the message further 
containing an address of the other certificate provisioning gateway, an address of the other 
certificate provisioning gateway on the basis of subscriber's location information maintained in 
and obtained from the mobile communication system, 

to check whether or not the address of the other certificate provisioning gateway received 
in the message is the same as the address of the other certificate provisioning gateway 
determined on the basis of the subscriber's location information, 

when they are not the same, to use the address of the other certificate provisioning 
gateway determined on the basis of the location information; and 

to authenticate the subscriber; and 

to transmit after the authentication via an authenticated channel to the subscriber's 
user equipment at least part of information required for a certificate issuance service in the other 
network, said at least part of the information comprising information required to obtain a 
certificate from the certificate issuance service in the other network. 
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transmit to the subscriber's user equipm e nt at least part of information required to obtain 
a certificate from the certificate provisioning gateway having the address of the certificate 
provisioning gateway. 

33. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 
to receive from subscriber's user equipment a message indicating subscriber's location 
information and indicating a request for an address of another certificate provisioning gateway 
than a home network of the subscriber for certificate issuance and delivery procedure in a visited 
network, 

to use the subscriber's location information to determine the address of the other 
certificate provisioning gateway; and 

to authenticate the subscriber; and 

to transmit after the authentication via an authenticated channel to the subscriber's 
user equipment at least part of information required for a certificate issuance service in 
the other network, said at least part of the information comprising information required to obtain 
a certificate from the certificate issuance service in the other network- 
to transmit to the subscriber's user e quipm e nt at least part of information r e quir e d to 
obtain a c e rtificate from the c e rtificate provisioning gateway having the determined address. 

34. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 
to obtain, in response to receiving from subscriber's user equipment a message containing 
subscriber's location information and indicating that an address of another certificate 
provisioning gateway than a home network of the subscriber for certificate issuance and delivery 
procedure in a visited network is requested, subscriber's location information maintained in the 
system, 

to check whether or not the subscriber's location information received in the message 
corresponds to the subscriber's location information obtained, 
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when the subscriber's location information received in the message corresponds to the 
subscriber's location information obtained, to determine an address of the other certificate 
provisioning gateway on the basis of the subscriber's location information, information and to 
authenticate the subscriber, and to transmit after the authentication via an authenticated channel 
to the subscriber's user equipment at least part of information required for a certificate issuance 
service in the other network, said at least part of the information comprising information required 
to obtain a certificate from the certificate issuance service in the other network transmit to the 
subscriber's user e quipm e nt at l e ast part of information required to obtain a certificate from the 
certificate provisioning gateway having th e d e termined address , and 

when the subscriber's location information obtained from the system does not correspond 
to the subscriber's location information received in the message, to send an error indication by 
using the subscriber's location information obtained. 

35. (Currently amended) An apparatus, comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 

to obtain, in response to receiving from subscriber's user equipment a message containing 
subscriber's location information and indicating a request for an address of another certificate 
provisioning gateway than a home network of the subscriber for certificate issuance and delivery 
procedure in a visited network, subscriber's location information maintained in the system, 

to check whether or not the subscriber's location information in the message corresponds 
to the subscriber's location information obtained, and 

to use the subscriber's location information received in the message to determine the 
address of the other certificate provisioning gateway when the subscriber's location information 
received in the message does not correspond to he subscriber's location information obtained, 

to authenticate the subscriber; and 

to transmit after the authentication via an authenticated channel to the subscriber's 
user equipment at least part of information required for a certificate issuance service in 
another network, said at least part of the information comprising information required to obtain a 
certificate from the certificate issuance service in the other network. 
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to transmit to the subscriber's user equipment at least part of information requir e d to 
obtain a certificate from the certificate provisioning gat e way having the det e rmined address. 

36. (Currently amended) An apparatus comprising: 
a processor configured 

to serve a certificate authority in a mobile communication system, 

to obtain, in response to receiving from subscriber's user equipment a message containing 
subscriber's location information and indicating a request for an address of another certificate 
provisioning gateway for certificate issuance and delivery procedure in a visited network, 
subscriber's location information maintained in the system, 

to check whether or not the subscriber's location information received in the message 
corresponds to the subscriber's location information obtained, 

to determine on the basis of the subscriber's location information the address of the other 
certificate provisioning gateway, when the subscriber's location information in the message 
corresponds to the subscriber's location information, information obtain e d, and to authenticate 
the subscriber, and to transmit after the authentication via an authenticated channel to 
subscriber's user equipment the at least part of information required for a certificate issuance 
service in another network than a home network of the subscriber, said at least part of the 
information comprising information required to obtain a certificate from the certificate issuance 
service in the other network transmit to the subscriber's user e quipm e nt at l e ast part of 
information requir e d to obtain a certificat e from the certificat e provisioning gateway having th e 
determined addr e ss , and 

when the subscriber's location information received in the message does not correspond 
to the subscriber's location information obtained, to send an error indication by using the 
subscriber's location information received in the message. 

37. (Previously Presented) The method as claimed in claim 2, wherein a 
certificate authority is a trusted third party. 

38. (Previously Presented) The method as claimed in claim 2, wherein a 
certificate authority is a trusted third party and does not include an authorization, 
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authentication and accounting server. 

39. (Previously presented) The apparatus as claimed in claim 32, wherein a certificate authority 
is a trusted third party. 

40. (Previously presented) The apparatus as claimed in claim 32, wherein a certificate authority 
is a trusted third party and does not include an authorization, authentication and 

accounting server. 



